From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B75DC433EF for ; Wed, 23 Mar 2022 17:22:47 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 038906B0073; Wed, 23 Mar 2022 13:22:47 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id F28FE6B0074; Wed, 23 Mar 2022 13:22:46 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DEFE56B0075; Wed, 23 Mar 2022 13:22:46 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.26]) by kanga.kvack.org (Postfix) with ESMTP id D30696B0073 for ; Wed, 23 Mar 2022 13:22:46 -0400 (EDT) Received: from smtpin04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay11.hostedemail.com (Postfix) with ESMTP id A41E481AC5 for ; Wed, 23 Mar 2022 17:22:46 +0000 (UTC) X-FDA: 79276320732.04.DD24EF7 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by imf15.hostedemail.com (Postfix) with ESMTP id 07FC1A002E for ; Wed, 23 Mar 2022 17:22:45 +0000 (UTC) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 423D060B6A; Wed, 23 Mar 2022 17:22:45 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id A0EDCC340E8; Wed, 23 Mar 2022 17:22:42 +0000 (UTC) Date: Wed, 23 Mar 2022 17:22:38 +0000 From: Catalin Marinas To: Ariel Marcovitch Cc: akpm@linux-foundation.org, mpe@ellerman.id.au, benh@kernel.crashing.org, paulus@samba.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, Mike Rapoport Subject: Re: False positive kmemleak report for dtb properties names on powerpc Message-ID: References: <9dd08bb5-f39e-53d8-f88d-bec598a08c93@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <9dd08bb5-f39e-53d8-f88d-bec598a08c93@gmail.com> X-Stat-Signature: 5kcgg5rrc6iy7x1wqszd371pjim88199 Authentication-Results: imf15.hostedemail.com; dkim=none; spf=pass (imf15.hostedemail.com: domain of cmarinas@kernel.org designates 139.178.84.217 as permitted sender) smtp.mailfrom=cmarinas@kernel.org; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=arm.com (policy=none) X-Rspam-User: X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 07FC1A002E X-HE-Tag: 1648056165-271352 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Hi Ariel, On Fri, Feb 18, 2022 at 09:45:51PM +0200, Ariel Marcovitch wrote: > I was running a powerpc 32bit kernel (built using > qemu_ppc_mpc8544ds_defconfig > buildroot config, with enabling DEBUGFS+KMEMLEAK+HIGHMEM in the kernel > config) > on qemu and invoked the kmemleak scan (twice. for some reason the first time > wasn't enough). [...] > I got 97 leak reports, all similar to the following: [...] > memblock_alloc lets kmemleak know about the allocated memory using > kmemleak_alloc_phys (in mm/memblock.c:memblock_alloc_range_nid()). > > The problem is with the following code (mm/kmemleak.c): > > ```c > > void __ref kmemleak_alloc_phys(phys_addr_t phys, size_t size, int min_count, >                                gfp_t gfp) > { >         if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn) >                 kmemleak_alloc(__va(phys), size, min_count, gfp); > } > > ``` > > When CONFIG_HIGHMEM is enabled, the pfn of the allocated memory is checked > against max_low_pfn, to make sure it is not in the HIGHMEM zone. > > However, when called through unflatten_device_tree(), max_low_pfn is not yet > initialized in powerpc. > > max_low_pfn is initialized (when NUMA is disabled) in > arch/powerpc/mm/mem.c:mem_topology_setup() which is called only after > unflatten_device_tree() is called in the same function (setup_arch()). > > Because max_low_pfn is global it is 0 before initialization, so as far as > kmemleak_alloc_phys() is concerned, every memory is HIGHMEM (: and the > allocated memory is not tracked by kmemleak, causing references to objects > allocated later with kmalloc() to be ignored and these objects are marked as > leaked. Thanks for digging into this. It looks like the logic doesn't work (not sure whether it ever worked). > I actually tried to find out whether this happen on other arches as well, > and it seems like arm64 also have this problem when dtb is used instead of > acpi, although I haven't had the chance to confirm this. arm64 doesn't enable CONFIG_HIGHMEM, so it's not affected. > I don't suppose I can just shuffle the calls in setup_arch() around, so I > wanted to hear your opinions first I think it's better if we change the logic than shuffling the calls. IIUC MEMBLOCK_ALLOC_ACCESSIBLE means that __va() works on the phys address return by memblock, so something like below (untested): -------------8<---------------------- diff --git a/mm/kmemleak.c b/mm/kmemleak.c index 7580baa76af1..f3599e857c13 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -1127,8 +1127,7 @@ EXPORT_SYMBOL(kmemleak_no_scan); void __ref kmemleak_alloc_phys(phys_addr_t phys, size_t size, int min_count, gfp_t gfp) { - if (!IS_ENABLED(CONFIG_HIGHMEM) || PHYS_PFN(phys) < max_low_pfn) - kmemleak_alloc(__va(phys), size, min_count, gfp); + kmemleak_alloc(__va(phys), size, min_count, gfp); } EXPORT_SYMBOL(kmemleak_alloc_phys); diff --git a/mm/memblock.c b/mm/memblock.c index b12a364f2766..2515bd4331e8 100644 --- a/mm/memblock.c +++ b/mm/memblock.c @@ -1397,7 +1397,7 @@ phys_addr_t __init memblock_alloc_range_nid(phys_addr_t size, * Skip kmemleak for those places like kasan_init() and * early_pgtable_alloc() due to high volume. */ - if (end != MEMBLOCK_ALLOC_NOLEAKTRACE) + if (end == MEMBLOCK_ALLOC_ACCESSIBLE) /* * The min_count is set to 0 so that memblock allocated * blocks are never reported as leaks. This is because many -------------8<---------------------- But I'm not sure whether we'd now miss some genuine allocations where the memblock limit is different from MEMBLOCK_ALLOC_ACCESSIBLE but still within the lowmem limit. If the above works, we can probably get rid of some other kmemleak callbacks in the kernel. Adding Mike for any input on memblock. -- Catalin